We use email and cloud file storage services such as Gmail or Dropbox. However, these services may not be suitable for storing confidential personal and professional data, and using an online cloud storage service for business is unsafe. There is a solution to this problem: PEPS, a platform for exchanging mail and files based on end-to-end encryption. Data is encrypted and decrypted on your computer (the client), not on the server, so the server never sees unencrypted data. This gives confidence that even if the server is hacked, the attackers won't get access to your correspondence or any other data stored on the server.

This tutorial covers the basic functions of PEPS and how to install and operate it.

Prerequisites:

PEPS is distributed as a Docker container to simplify the installation.

Docker is an open-source project that automates the deployment of applications inside software containers by providing an additional layer of abstraction and automation of operating-system-level virtualization on Linux. It lets you “package” an application with all of its environment and dependencies in a container that can be moved to any Linux system with cgroups support in the kernel, and it also provides an environment for managing containers.

You need Ubuntu 14.04 x64 with Docker installed. System requirements:

  1. Ubuntu 14.04 x64 with 2 GB of RAM (if you have only several users). Select 4 GB of RAM or more if you need to create more users or have to store a huge amount of information;
  2. An SSL certificate to use instead of the self-signed one. This is strongly recommended for production environments. You can also create a self-signed SSL certificate free of charge.

If you are going to send email to external email services, you will need to configure reverse DNS (rDNS) so that your emails do not end up in spam.

All commands in this tutorial must be run by a user without root permissions. If a command requires root access, use sudo. The Initial Ubuntu 14.04 server setup guide explains how to add users and give them sudo access.

Step 1 – Docker installation

Installation on Ubuntu.

Update the software:

sudo aptitude update
sudo aptitude -y upgrade

Make sure that AUFS is available on your server. AUFS is a complete rewrite of UnionFS that is used to improve stability and performance.

sudo aptitude install linux-image-extra-`uname -r`

Add the Docker repository key, which is used to verify packages:

# sudo sh -c "wget -qO- https://get.docker.io/gpg | apt-key add -"
sudo: unable to resolve host localhost.localdomain
OK

Add the Docker repository:

sudo sh -c "echo deb http://get.docker.io/ubuntu docker main \
> /etc/apt/sources.list.d/docker.list"

Update the repository list:

sudo aptitude update

Download and install Docker:

sudo aptitude install lxc-docker

By default, the Ubuntu firewall (UFW, Uncomplicated Firewall) rejects all forwarded traffic, which Docker requires.

Enable forwarding in UFW:

Edit the UFW configuration with the nano text editor:

sudo nano /etc/default/ufw

Scroll down, find the line “DEFAULT_FORWARD_POLICY” and change its value from DROP to ACCEPT:

DEFAULT_FORWARD_POLICY="ACCEPT"

Save using CTRL+X and press Y to confirm saving the file. After that, restart UFW:

sudo service ufw restart

To start the Docker daemon, use:

sudo docker -d &

Now add the user you will work as to the docker group (replace root with your own username):

sudo usermod -aG docker root

Step 2 – Deploying PEPS

Reconnect to the system using SSH from your user account:

ssh Your_user@Your_IP

Clone the repository:

# git clone https://github.com/MLstate/PEPS
Cloning into 'PEPS'...
remote: Counting objects: 282, done.
remote: Total 282 (delta 0), reused 0 (delta 0), pack-reused 282
Receiving objects: 100% (282/282), 78.74 KiB | 0 bytes/s, done.
Resolving deltas: 100% (137/137), done.
Checking connectivity... done.

Go to the PEPS directory:

cd PEPS

Configure the domain name, entering your own domain name instead of example.com:

echo example.com > domain

This command creates a text file named domain whose first and only line is the domain name you specified.

Install the make utility:

sudo apt-get update
sudo apt-get install make

Build the containers (this may take 10-20 minutes):

make build

If everything was done correctly, you will see:

Removing intermediate container e830b6ce75c0
Successfully built bbafc12c71c8

For the first run, we are going to create temporary SSL/TLS certificates and start the containers.

If you already have the SSL certificate for your domain, skip this step and copy the certificate and key (Step 5).

To create the temporary certificate, use the following command:

make certificate

Fill in the fields to create a certificate.

We are ready to run PEPS using the following command:

sudo make run

Step 3 – First login

To connect to the web interface, enter the following in the browser address bar: https://Server_IP_Address

Because we are using temporary SSL certificates for now, your browser will warn you that this website is unsafe. To continue, click the Advanced button (Chrome browser).

On the first start, a field for creating the administrator password appears.

Under the end-to-end encryption system in PEPS, the admin account can create and remove users, but cannot view their files.

You will see the main interface after you set the administrator password.

Next, set up the domain and the certificate properly.

Step 4 – Domain settings

PEPS is now working correctly. Next, you have to set up the domain properly (use real SSL certificates, configure DNS, and so on).

Let's start with DNS. The DNS configuration will differ depending on your domain name provider and on whether you use a custom interface for configuring your DNS records.

You have to set up A and MX records. For example, for example.com:

mail.example.com.   10799   IN   A    your_server_ip
mail.example.com.   10799   IN   MX example.com.

Your Droplet name must be mail.example.com. You can rename a Droplet easily: click on the Droplet name to see the details, select the Settings tab, then press the Rename tab. This can take some time, so you have to wait until the records are updated.

You can also set up additional records. Use the MXToolBox test: this service will check your domain settings.

As usual, DNS record updates can take up to 48 hours.

Important: If you cannot send or receive email from external domains after you have finished configuring PEPS, double-check your A and MX records. Perhaps a mistake was made when creating the records, or the records may not have been updated yet.

Step 5 – SSL certificate setup

To install the SSL certificate, copy the files for your domain (you received them from the certificate authority) to the PEPS directory.

You may use the following command to copy the files:

scp server.key server.crt your_server_ip:/etc/peps/

where your_server_ip is the IP address of your server.

Check whether your browser can open https://example.com without an SSL error. Try opening it in an incognito tab in your browser.
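
Before the copy, the key and certificate can be checked locally so that a mismatched, expired or wrong-domain certificate is caught before it reaches /etc/peps/. The shell function below is an added example, not part of the original tutorial or of PEPS; check_cert_pair is a hypothetical helper name, and it assumes the openssl command-line tool, GNU stat and an unencrypted private key.

```shell
#!/bin/sh
# Added example: pre-flight checks for server.key / server.crt before the scp step.
# check_cert_pair is a hypothetical helper name, not part of PEPS.

# Usage: check_cert_pair <key> <crt> <domain>
# Prints one line per finding; returns 0 only if every check passes.
check_cert_pair() {
    key=$1; crt=$2; domain=$3; rc=0

    # 1. The certificate must carry the public half of this private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || crt_pub=
    if [ -z "$key_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
        echo "FAIL: $crt does not match $key"; rc=1
    fi

    # 2. The certificate must be valid for the domain written to ./domain.
    if ! openssl x509 -in "$crt" -noout -checkhost "$domain" 2>/dev/null |
            grep -q 'does match'; then
        echo "FAIL: $crt is not valid for $domain"; rc=1
    fi

    # 3. The certificate must not already be expired.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $crt has expired"; rc=1
    fi

    # 4. The private key must not be readable by group or others.
    mode=$(stat -c %a "$key" 2>/dev/null)
    case $mode in
        600|400) ;;
        *) echo "FAIL: $key has mode ${mode:-unknown}, expected 600 or 400"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $key and $crt are ready to copy"
    return "$rc"
}
```

Run it as check_cert_pair server.key server.crt example.com, using the same domain you wrote to the domain file in Step 2.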

Step 6 – Testing

To create more users, log in to the PEPS control panel with Administrator access and go to the “People” panel. Select “Users” and click the “New User” button.

To check email, send a message to any inbox and wait for a reply. If the message is sent but no reply arrives, the problem is most likely in the DNS records: they might not have been updated yet, or they may contain errors. Go back to Step 4 – Domain settings. Do not forget to also check that the user can receive email.

Conclusion

Congratulations! You now have PEPS working on a Digital Ocean Droplet. You can send emails, share files and do a lot of other things with special plugins. You do not have to worry about your data: it is protected on the server.

To learn more, see the following manuals:

User guide

Administrator guide

More documentation for developers can be found at GitHub.